package com.imooc.security.rbac;

import java.util.HashSet;
import java.util.Set;

import javax.servlet.http.HttpServletRequest;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Component;
import org.springframework.util.AntPathMatcher;

/**
 * 7.4.3 实现RbacService
 */
@Component("rbacService")
public class RbacServiceImpl implements RbacService{

	private AntPathMatcher antPathMatcher = new AntPathMatcher();
	
	/**
	 * 7.4.4 判断是否有权限
	 */
	@Override
	public boolean hasPermission(HttpServletRequest request, Authentication authentication) {
		Object principal = authentication.getPrincipal();
		boolean hasPermission = false;

		if(principal instanceof UserDetails){
			String username = ((UserDetails)principal).getUsername();
			
			// 读取用户所拥有的所有URL
			Set<String> urls = new HashSet<String>();
			for (String url : urls) {
				if(antPathMatcher.match(url, request.getRequestURI())){
					hasPermission = true;
					break;
				}
			}
		}
		return hasPermission;
	}

}
